On 9/28/05, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
> Tom Lisjac wrote:
> >On 9/27/05, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
> >>Tom Lisjac wrote:
> >>>I'm trying to make samba shares available on a new FC4 server...
> >>>When I switched to enforcing, I couldn't connect... and there were no
> >>>new AVC's. Switching back to permissive worked.
> >I've been relabelling the public_html directories as
> >user_u:object_r:httpd_user_content_t so Apache won't complain... but I
> >can't see this directory in the mounted samba shares. Audit2allow
> >returns the following:
> >
> >allow smbd_t httpd_sys_content_t:dir getattr;
> >
> >Is my labelling for public_html correct... or is there another switch
> >I can throw to allow samba to read and write to this directory?
> >
> Try chcon -t public_content_rw_t public_html.
> (or ftpd_anon_rw_t if public_content_rw_t does not exist)
> Then setsebool -P allow_smbd_anon_write=1
> That should allow http to read and samba to write.

That fixed Samba so I could see public_html from the shares... but
Apache complained when trying to serve content:

allow httpd_t ftpd_anon_rw_t:dir getattr;

I got everything working for both Samba and Apache by turning on the
samba_enable_home_dirs boolean, per your suggestion, and adding the
following to local.te:

allow smbd_t httpd_sys_content_t:dir { add_name create getattr read
remove_name rename rmdir search write };
allow smbd_t httpd_sys_content_t:file { create getattr lock read
setattr unlink write };

I was hoping to make it work without the policy sources, but I can
live with this. Incidentally, audit2allow didn't add the curly braces
to the first line. Compilation failed until I put them in.

Thanks for your help... much appreciated!

-Tom
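
Following up on the missing curly braces mentioned at the end of the message above, here is an added example that is not part of the original thread and is not audit2allow's own code: a Python sketch that merges AVC denials per source type, target type and class, and always braces a multi-permission set. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit lines (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1127900001.101:41): avc:  denied  { getattr } for  pid=2345 comm="smbd" name="public_html" dev=dm-0 ino=1001 scontext=system_u:system_r:smbd_t tcontext=user_u:object_r:httpd_sys_content_t tclass=dir
type=AVC msg=audit(1127900001.102:42): avc:  denied  { read search } for  pid=2345 comm="smbd" name="public_html" dev=dm-0 ino=1001 scontext=system_u:system_r:smbd_t tcontext=user_u:object_r:httpd_sys_content_t tclass=dir
type=AVC msg=audit(1127900001.103:43): avc:  denied  { read } for  pid=2345 comm="smbd" name="index.html" dev=dm-0 ino=1002 scontext=system_u:system_r:smbd_t tcontext=user_u:object_r:httpd_sys_content_t tclass=file
type=AVC msg=audit(1127900001.104:44): avc:  denied  { getattr } for  pid=2345 comm="smbd" name="index.html" dev=dm-0 ino=1002 scontext=system_u:system_r:smbd_t tcontext=user_u:object_r:httpd_sys_content_t tclass=file
type=AVC msg=audit(1127900002.201:45): avc:  denied  { getattr } for  pid=3456 comm="httpd" name="public_html" dev=dm-0 ino=1001 scontext=system_u:system_r:httpd_t tcontext=user_u:object_r:ftpd_anon_rw_t tclass=dir
type=USER_AUTH msg=audit(1127900003.301:46): user pid=4567 uid=0 msg='constructed non-AVC record'
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def context_type(context):
    """Return the type field of user:role:type, ignoring any trailing level."""
    return context.split(":")[2]


def denials_to_rules(log_text):
    """Merge denials per (source type, target type, class) into allow rules."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # skip records that are not AVC denials
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        merged[key].update(m["perms"].split())
    rules = []
    for (src, tgt, tclass), perms in sorted(merged.items()):
        names = sorted(perms)
        # One permission may stand bare; two or more must be wrapped in braces.
        body = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {body};")
    return rules


if __name__ == "__main__":
    print("\n".join(denials_to_rules(SAMPLE_LOG)))
```

The merged output makes it easy to review exactly which access each rule grants before anything is added to local.te.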